Assurance Services Executive Committee

About the Committee

The Assurance Services Executive Committee's (ASEC) mission is to assure the quality, relevance, and usefulness of information or its context for decision makers and other users by (1) identifying and prioritizing emerging trends and market needs for assurance, and (2) developing related assurance methodology guidance and tools as needed. ASEC will achieve its mission by:

identifying significant trends giving rise to assurance needs, and determining the potential assurance guidance that would best meet those needs;

The ASEC Emerging Assurance Technologies Task Force is responsible for developing a conceptual framework and guidance to capitalize on emerging technologies affecting the business information supply chain, covering both internal and external reporting.

This whitepaper, which complements the whitepaper, Assurance Services: A White Paper for Providers and Users of Business Information, is
intended to assist organizations such as government agencies and
legislative bodies (federal, state, tribal and local), business
organizations, not-for-profit organizations, and associations that are
considering establishing and designing a third-party verification
program.

It identifies the essential elements of an effective
verification program and the factors that should be considered when
designing such a program. It also describes the advantages of including
CPAs as assessors in a third-party verification program and
incorporating the standards CPAs following into the programs.

This whitepaper was created to educate providers and users of
business information on the value and essential qualities of
independent, third-party assurance services and the increase confidence in
reported information due to those services. The paper identifies factors that should be
considered in choosing a quality assurance provider.

This resource presents measurement criteria for use when
providing attestation or consulting services to evaluate controls
relevant to the security, availability, and processing integrity of a
system, and the confidentiality and privacy of the information processed
by the system.

The guidance was established by the Assurance Services
Executive Committee (ASEC) of the AICPA, and is necessary when
performing SOC 2® and SOC 3® engagements.

This edition improves clarity and eliminates redundancy, and
updates the criteria based on the changing technology and business
environment. Click here for a mapping of the 2014 revised criteria (TPA Section 100) to the 2009 criteria (TPA Section 100A).